Continued
Internal audit
The internal audit function is involved in the assessment of the quality of risk management and internal control and helps to promote and further develop effective risk management within the businesses. Certain internal audit assignments (such as those requiring specialist expertise) continue to be outsourced by the Head of Internal Audit to KPMG LLP as required. A policy has been established regarding the recruitment of staff from both KPMG LLP and PricewaterhouseCoopers LLP. The audit committee reviews internal audit reports and considers the effectiveness of the function.
Internal control
In a highly decentralised Group, where local management has considerable autonomy to run and develop their businesses, a well designed system of internal control is necessary to safeguard shareholders' investment and the Company's assets. The Directors acknowledge that they have overall responsibility for the Group's systems of internal control and for reviewing their effectiveness. In accordance with the guidance set out in the Turnbull Report "Internal Control: Guidance for Directors on the Combined Code", an ongoing process had been established for identifying, managing and evaluating the risks faced by the Group. This process has been in place for the full financial year and up to the date on which the financial statements were approved.
The systems are designed to manage rather than eliminate the risk of failure to achieve the Group's objectives, safeguard the Group's assets against material loss, fairly report the Group's performance and position and to ensure compliance with relevant legislation, regulation and best practice including that related to social, environmental and ethical matters. The systems provide reasonable, not absolute, assurance against material misstatement or loss. Such systems are regularly reviewed by the Board to deal with changing circumstances.
A summary of the key financial risks inherent in the Group's business is given in the Performance review. Risk assessment and evaluation is an integral part of the annual planning cycle. Each business documents the strategic objectives and the effectiveness of the Group's systems of internal control. As part of this review, each business area and function has been required to identify and document each significant risk, together with the mitigating actions implemented to manage, monitor and report to management on the effectiveness of these controls. Senior managers are also required to sign bi-annual confirmations of compliance with key procedures and to report any breakdowns in, or exceptions to, these procedures. Summarised results have been presented to senior management (including to the executive committee) and to the audit committee. These processes have been in place throughout the financial year ended 31 July 2006 and have continued to the date of this Report. The Board has reviewed the effectiveness of the Group's system of internal control for the year under review and a summary of the principal control structures and processes in place across the Group is set out below.
Control structures
Whilst the Board has overall responsibility for the Group's system of internal control and for reviewing its effectiveness, it has delegated responsibility for the internal control and risk management programme to the Group Finance Director. The detailed review of internal control and risk management has been delegated to the audit committee. The management of each Group company is responsible for internal control and risk management within its own business and for ensuring compliance with the Group's policies and procedures. Each Group company has appointed a risk director whose primary role in such capacity is to ensure compliance by local management with the Group's risk management and internal control programme. Both the internal and external auditors have reviewed the overall approach adopted by the Group towards its risk management activities so as to reinforce these internal control requirements.
Control processes
The Board reviews its strategic plans and objectives on an annual basis and approves Group company budgets and strategies in light of these. Control is exercised at both Group and subsidiary board level through monthly monitoring of performance by comparison to budgets, forecasts and cash targets and by regular visits to Group companies by the Group Chief Executive and Group Finance Director. Group companies approve and submit risk reports to the audit committee on a bi-annual basis, summarising the key risks facing their businesses and the controls in place to manage those risks. These reports, together with reports on internal control and departures, if any, from established Group procedures prepared by the internal and external auditors, are reviewed by the Group Finance Director and the audit committee. Group companies also submit annual risk and internal control representation letters to the Group Finance Director on internal control and risk management issues, with comments on the control environment within their operations. The Group Finance Director summarises these submissions for the audit committee and the Chairman of the audit committee reports to the Board on any matters which have arisen from the committee's review of the way in which the risk management and internal control processes have been applied. Group companies are also required to support the disclosures and attestations that the Group Chief Executive and Group Finance Director are required to give under the Sarbanes-Oxley Act.
The Board has formal procedures in place for the approval of investment and acquisition projects, with designated levels of authority, supported by post investment review processes for selected acquisitions and major capital expenditure. The Board considers social, environmental and ethical matters in relation to the Group's businesses and assesses these when reviewing the risks faced by the Group. The Board is conscious of the effect such matters may have on the short and long-term value of the Company. The external auditors of the Company and the Head of Internal Audit attend audit committee meetings and receive its papers. The report of the audit committee is set out earlier in this corporate governance section, and the audit committee members regularly meet the Head of Internal Audit and the external auditors without the presence of executive management.
As noted in the Corporate Social Responsibility section, the Company has entered into a level II American Depository Receipt programme with the Bank of New York and has securities registered with the US Securities and Exchange Commission ("the Commission"). As a result, the Company is required to comply with applicable US regulations including the Sarbanes-Oxley Act, insofar as it applies to foreign private issuers. In accordance with the Commission's recommendations, the Company has established a disclosure committee comprising the Group Chief Executive, Group Finance Director, Group Financial Controller and the Group Company Secretary and Counsel.
The Group Chief Executive and Group Finance Director will also provide the certificates required by the Sarbanes-Oxley Act when the Form 20-F for 2006 is filed. There were no changes to the Company's internal control over financial reporting that occurred during the year ended 31 July 2006 that have materially affected, or are reasonably likely to materially affect the Company's internal control over financial reporting. During the year, work necessary to achieve compliance with the requirements of Section 404 of the Sarbanes-Oxley Act related to internal controls has continued.
Compliance statement
The Company applied all of the principles set out in section 1 of the Code and the Revised Code for the period under review and has, throughout the year, complied with the detailed provisions set out therein, save that, during the period from 16 December 2005 to 31 July 2006 there was an imbalance between Executive and Non Executive Directors on the Board and following the introduction of a new Directors' bonus scheme in 2000, the pensionable salary of one Executive Director includes his bonus capped at a fixed amount.
The Company's auditors, PricewaterhouseCoopers LLP, are required to review whether the above statement reflects the Company's compliance with the nine provisions of the Code specified for its review by the Listing Rules of the UK Listing Authority and to report if it does not reflect such compliance. No such report has been made.
